ICS security trends

As the Industrial Internet of Things (IIoT) becomes more prevalent, there is a greater risk for intentional and unintentional cyber security breaches. Industrial control system (ICS) security should focus on advanced security-focused products; security as an attribute of all Ethernet devices; and further adoption of defense-in-depth as major trends going forward.


Cyber security has been increasing in importance in industrial facilities since the discovery of Stuxnet in 2010. More recently, there's been the rise of the Industrial Internet of Things (IIoT) with its increased numbers of connected devices and links to the Internet and business systems.

More IIoT-related entry points to industrial communications infrastructure means more cyber risk from not only intentional attacks but also from unintentional sources such as device failure, operator error, and malware. In manufacturing and process control environments this means higher risk to physical devices and processes and the possibility of physical, not just digital, damage.

What does this imply for industrial control system (ICS) security going forward? There are three trends to consider: advanced security-focused products; security as an attribute of all Ethernet devices; and further adoption of defense-in-depth. 

Advanced industrial security-focused products

One trend is increased cyber security risk, which is leading vendors to develop advanced technologies that deal with the particular challenges of control system security. One aspect of these challenges is the widespread use of ICS communication protocols not designed with security in mind. Securing them without impacting their control functionality requires advanced technology.

An example is the deep packet inspection (DPI) capability. On the one hand, intrusion detection systems (IDS) monitor only for broad categories of basic attacks. On the other hand, most firewalls use access control lists or stateful firewalls to either allow or block all messages of an industrial protocol such as Modbus TCP.

DPI, however, digs deeper to understand what the protocol is being used for and provide protection, not just detection. DPI does this, for instance, by determining if a Modbus message is read or write and dropping all write messages, or only allowing writes of particular registers. This allows the protection to be exactly tailored to the application, allowing essential control messages to communicate as required while blocking potentially dangerous or inappropriate messages.

Security built-in to Ethernet networking devices

Ethernet networking devices such as industrial routers, switches, and firewalls are at every connection point of the ICS network. This makes them ideal security sentinels to identify and control traffic entering and leaving at all points of the communications infrastructure. However, studies show most industrial cyber incidents are unintentional. These incidents occur due to human error, a software or device flaw, or an inadvertent introduction of malware infection. This means ICS security needs to protect from "friends and neighbors" as well as "enemies." A focused effort to evolve all Ethernet devices to play an active role in their own security can help mitigate some of these risks.

Further adoption of defense-in-depth best practices

The principles of defense-in-depth, as per ISA IEC 62443 (formerly ISA 99), have been well understood and readily adopted into many perceived "high risk" applications. However, in both the installed base of control systems as well as new deployments, many industrial networks still do not follow these principles.

Perhaps this is because many industrial engineers and operators have viewed cyber security as being relevant only for protection from intentional attacks from hackers. Most industrial cyber incidents are unintentional, and they don't target only high-profile systems. Human error and device flaws can happen to anyone.

Defense-in-depth is as much about enhancing system reliability and resiliency as it is about security. As this realization spreads, the adoption of defense-in-depth practices will increase.

Good cyber security is an ongoing process. That means vigilance where users monitor communication systems for unusual activity or configurations changes and investigate alterations and anomalies. Get started on better cyber security today and make it a focus area for continuous improvement.

Heather MacKenzie is with Tofino Security, a Belden company; Jeff Lund is responsible for Belden's product initiatives related to the Industrial Internet of Things (IIoT). This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, Control Engineering, cvavra@cfemedia.com.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me